Modern field guide to security and privacy

In aftermath of the DNC hack, experts warn of new front in digital warfare

Last month's Democratic National Committee leaks underscore the value of data in the hands of nations, hacktivists, and terrorists.

Maxim Zmeyev/Reuters
A view of the Kremlin in July through a construction fence

Cybersecurity experts and US officials often point fingers at Moscow after digital attacks that cause a political stir – from last year's Ukraine grid hack that led to a widespread power outage to the Democratic National Committee data breach.

But if the Kremlin is indeed behind the DNC hack and helped orchestrate the subsequent WikiLeaks dump of sensitive emails on the eve of the Democrats' convention, Russia has opened a new front in information warfare that may fundamentally change the value of data in national security.

"This is what cyberconflict actually looks like," says James Lewis, a senior fellow at the Center for Strategic and International Studies (CSIS), a Washington think tank. “The problem in the US is we’re very militarized, so we tend to think about attacking infrastructure. The Russian approach is much more political and about trying to manipulate public opinion."

While WikiLeaks founder Julian Assange did not confirm or deny that Russian hackers turned over the DNC email, many cybersecurity and political experts have connected the leak back to the Russian government.

If the leak originated in Moscow, it would be among the first known state-backed digital attacks to harness the power of the internet with the aim of manipulating a US presidential election. 

"We’re very used to seeing hacktivists grabbing and spilling information to build up their hacker cred," said Scott Donnelly, an analyst at the cybersecurity firm Recorded Future. “This is very different because this is very likely a nation-state taking information and spilling it. That’s not something that’s been done."

From the 2014 Home Depot hack that compromised millions of credit card numbers to last year's massive Office of Personnel Management breach that exposed vast amounts of sensitive information belonging to government employees, the frequency and severity of data breaches only seems to be worsening. 

But instead of replicating the typical hacking or digital spying playbook, the DNC hack is more akin to a tactic of Islamic State supporters who publish lists full of Americans’ names and personal information or North Korea-backed hackers who breached Sony Pictures in 2014 to force the cancellation of a movie criticizing North Korean leader Kim Jong Un.

It's more about exposing information – even if it's already public or seemingly innocuous on its own – to create an instrument for propaganda, terror, or sewing discontent. 

"The world we live in has gone from a cybersecurity crisis where an adversary can steal your data to one where the adversary can become telepathic," says Tom Kellermann, chief executive at Strategic Cyber Ventures, a firm that invests in cybersecurity startups. "They’re trying to change hearts and minds now through stolen data."

It also appears Moscow is increasingly relying hacking to fulfill an ambitious global agenda – and undercut the US. 

Last summer, the cybersecurity firm Trend Micro warned the US government that suspected Russian hackers targeted the personal data of 2,600 people considered among the most influential in Washington. And in May, Germany’s national intelligence service said Russian hackers were behind a massive breach of the country’s parliament and ruling party. The cybersecurity firm Arbor Networks tied a string of cyberattacks intended to erase digitized results in Ukraine’s 2014 election to CyberBerkut, a pro-Russian hacktivist group.

"A lot of us think it was a test case to see what they could actually get away with," says Vince Houghton, the curator at the International Spy Museum and a historian who specializes in technological intelligence. "They’ve been practicing this for a little while."

Intelligence experts and security investigators have also previously blamed Kremlin-backed hackers for breaking into unclassified email networks at the White House and State Department.

But former military intelligence analyst-turned-journalist James Bamford wrote in Reuters this week that the information leaking tactics allegedly used by Russia mirrored US espionage tactics in the Cold War, including President Harry S. Truman's so-called "Campaign of Truth" aimed at publicly smearing the Soviet Union through snooping and infiltration. 

Dr. Houghton also cited Italy's 1948 presidential election, when he said the CIA and State Department helped Rome's Western-friendly government defeat the insurgent communists. "This is what intelligence agencies do," he said.  

Yet, there are few comparable examples in the Digital Age.

WikiLeaks first became known for leaking hundreds of thousands of sensitive State Department diplomatic cables and video footage of US soldiers killing civilians in Iraq. Now, experts say that governments have figured out how to use WikiLeaks to their own advantage. And the US, appears to be struggling to cope with that dynamic.

“That’s something that we need to do our homework on,” said Mr. Lewis of CSIS. “It’s not a war and it’s not military, but you have to punch back.”

 

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.